Security and privacy are foundational to how AcuBliss is built. Here's a complete overview of how your patient data is stored, protected, and handled from infrastructure to AI.
Hosting & Data Residency
All patient data — including backups — is stored and processed exclusively within the United States. Our production systems run on AWS (Amazon Web Services) across the us-east-1, us-east-2, and us-west-1 regions. AWS is the world's largest cloud provider and powers over a third of all SaaS companies.
Security & Encryption
AcuBliss meets HIPAA compliance requirements for protected health information (PHI), with encryption applied both at rest and in transit.
Multi-Factor Authentication (MFA): Available for both staff and patients, configurable per clinic. We use authenticator app-based MFA — not SMS — for stronger account protection.
Audit Logs: Every transaction involving PHI access generates an audit log, ensuring full traceability and accountability.
Penetration Testing: We've completed successful penetration tests conducted by a Certified Information Systems Security Professional (CISSP) with ISC2 certification.
AI Data Governance
No third-party AI vendors or external model providers ever receive PHI. When AI features are used, prompts are processed as one-shot requests and are not retained by those providers.
No PHI shared with AI providers: Our closest third-party integration is Fullscript — and even there, we share only internal patient identifiers, never protected health information.
No AI training on patient data: Patient data is never used to train or fine-tune any AI models, under any circumstances.
BAA-governed API connections: Unlike individual consumer AI products, AcuBliss operates under Business Associate Agreements (BAAs) with our API providers — which means our data is not used for model training.
Backups & Data Exports
Your data is backed up automatically and more securely than a local copy would be. Personal computers and hard drives can be stolen, lost, or compromised far more easily than a professionally secured cloud platform. The most secure backup is already running automatically inside our infrastructure.
For day-to-day needs, individual records can be exported two ways:
Patient chart PDF: Use the PDF Queue (the printer icon in the patient chart) to export a full patient record.
Demographics spreadsheet: Download patient demographics directly from the Patient List.
💡 Heads up: If you download patient data locally, delete it from your device once you're done processing it — local files carry more security risk than data stored inside the platform.
Data Deletion & Exit
If you're migrating to a new platform or closing your practice, we can facilitate a one-time full data export. Once you've departed, patient data is removed from all active systems.
💡 Note: Data may persist within database backups for a defined period as required by applicable regulations. This is a legal retention requirement, not indefinite storage.
The bottom line
AcuBliss & ChiroBliss are built from the ground up with healthcare data security in mind — HIPAA-compliant encryption, independent certifications, strict AI governance, and automatic backups across all layers. Your patients' information is protected at every level. Questions? We're always here to help. ✨
